mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-24 05:04:07 -08:00
Fix for Vue js not loading due to CSP :(
This commit is contained in:
parent
35b9cf4b70
commit
339bdddc38
|
@ -87,7 +87,7 @@ class SecurityHeaders
|
|||
}
|
||||
|
||||
|
||||
// This defaults to false to maintain backwards compatibility
|
||||
// This defaults to false to maintain backwards compatibility for
|
||||
// people who are not running Snipe-IT over TLS (shame, shame, shame!)
|
||||
// Seriously though, please run Snipe-IT over TLS. Let's Encrypt is free.
|
||||
// https://letsencrypt.org
|
||||
|
@ -102,7 +102,7 @@ class SecurityHeaders
|
|||
if ((config('app.debug')!='true') || (config('app.enable_csp')=='true')) {
|
||||
$csp_policy[] = "default-src 'self'";
|
||||
$csp_policy[] = "style-src 'self' 'unsafe-inline'";
|
||||
$csp_policy[] = "script-src 'self' 'unsafe-inline'";
|
||||
$csp_policy[] = "script-src 'self' 'unsafe-inline' 'unsafe-eval'";
|
||||
$csp_policy[] = "connect-src 'self'";
|
||||
$csp_policy[] = "object-src 'none'";
|
||||
$csp_policy[] = "font-src 'self' data:";
|
||||
|
|
Loading…
Reference in a new issue